Configuring the LDAP Resource to Use the nsAccountLock Attribute

1. On the Resource Parameters page, set the LDAP Activation Method field to nsaccountlock.

2. Set the LDAP Activation Parameter field to IDMAttribute=true. (IDMAttribute will be specified on the schema in the next step.) For example, accountLockAttr=true.

3. On the Account Attributes page, add the value specified in the LDAP Activation Parameter field as an Identity System User attribute. Set the Resource User attribute to nsaccountlock. The attribute must be of type string.

4. Set the nsAccountLock LDAP attribute on the resource to true.

Identity Manager sets nsaccountlock to true when disabling an account. It also assumes that pre-existing LDAP users that have nsaccountlock set to true are disabled. If nsaccountlock has any value other than true (including null), the system concludes the user is enabled.
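
Because every value other than true counts as enabled, it is worth auditing an LDIF export of the directory for accounts whose nsaccountlock value looks like a lock but would not be read as one. The following is an added example, not Identity Manager code: the sample LDIF is constructed, the function names are hypothetical, and it assumes the comparison with true is exact and case-sensitive, which the text above does not state.

```python
import base64

# Constructed sample LDIF export (not from the original page).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
nsAccountLock: true

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob

dn: uid=carol,ou=People,dc=example,dc=com
nsaccountlock: TRUE

dn: uid=dave,ou=People,dc=example,dc=com
nsAccountLock:: dHJ1ZQ==

dn: uid=erin,ou=People,dc=example,
 dc=com
nsAccountLock: false
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attribute: [values]}) for each LDIF record."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:  # attribute names are case-insensitive in LDAP
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def classify(attrs):
    """Only the value true means disabled; anything else means enabled."""
    values = attrs.get("nsaccountlock", [])
    if values == ["true"]:
        return "disabled"
    # Assumption: exact match. Flag values such as TRUE or yes for review.
    unexpected = [v for v in values if v not in ("", "false")]
    return "enabled-review" if unexpected else "enabled"

def audit(text):
    return {dn: classify(attrs) for dn, attrs in parse_ldif(text)}
```

Entries reported as enabled-review carry a value that an administrator may have intended as a lock; confirm their state in Identity Manager rather than relying on the directory value.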